OK, OK, MIRA-I DID IT: Botnet-building compsci kid comes clean

A former New Jersey college student has copped to helping create and run the massive Mirai DDoS botnet.

Paras Jha, 21, pleaded guilty this month in an Alaska district court to two counts of conspiracy to commit "fraud and related activity in connection with computers."

In plea deals with US prosecutors, unsealed today, Jha admitted to being one of three people who created and ran the massive Mirai army of hacked gadgets as a DDoS-for-hire operation and as a click-fraud racket. Each of the charges carries up to five years behind bars, and Jha will also surrender the 13 Bitcoin (currently worth around $214,000) that he made from running the botnet and renting out its services.

The two other men are: Josiah White, 20, of Washington, Pennsylvania, and Dalton Norman, 21, of Metairie, Louisiana. These two also pleaded guilty to playing a role in masterminding Mirai; Dalton additionally admitted helping Jha commit ad-click fraud.

Jha admitted that in 2016 he, White and Norman began to assemble the Mirai botnet – a substantial army of hijacked Internet-of-Things devices, such as security webcams – that the trio could command at will.

Using the names "Anna Senpai" and "ogmemes," Jha operated Mirai as both a DDoS cannon that could be rented to attack companies and networks – blowing websites and servers offline – and later as a click-fraud operation that directed the malware-infected gizmos to blindly and automatically click on links in order to generate affiliate advertising money.

The Mirai device swarm made headlines first from its involvement in a string of massive-scale DDoS attacks in the summer of 2016 that rocked the internet, and again later that year when the source code for the malware was released. At the time, researchers speculated the blueprints would be seized upon by miscreants to spawn a new class of incredibly powerful botnets assembled from insecure IoT devices.

Jha, of Fanwood, New Jersey, admitted that he leaked the Mirai source code "in order to create plausible deniability if law enforcement found the code on computers."

In December 2016 and into the following year, Mirai shifted its focus from DDoS to click fraud. The authorities claimed Jha and the other two operators, Norman and White, were coining it from the botnet's activities, and cuffed the trio in January 2017.

Jha also admitted a third charge not related to Mirai. According to New Jersey's Star-Ledger, Jha, who at the time of his arrest was enrolled at Rutgers University studying computer science, pleaded guilty to DDoSing the school's network on multiple occasions between 2014 and 2016. ®